Security hardening + new tools deployment

- Hide Apache version (ServerTokens Prod)
- Add Permissions-Policy header
- Remove deprecated X-XSS-Protection
- Consolidate security headers to .htaccess only (remove duplicates from PHP)
- Deploy free tools: robots-analyzer, data-converter
- Deploy tools announcement blog post
- Update sitemap with new tools and blog post

contact-handler.php

@@ -11,9 +11,6 @@ session_start();
 require_once '.recaptcha-config.php';
 
 // Security headers
-header('X-Content-Type-Options: nosniff');
-header('X-Frame-Options: DENY');
-header('X-XSS-Protection: 1; mode=block');
 header('Content-Type: application/json');
 
 // CSRF Protection